Splunk Infrastructure Overview — Question 5

What capability does a power user need to create a Log Event alert action?

Answer options

• A. edit_search_server
• B. edit_udp
• C. edit_tcp
• D. edit_alerts

Correct answer: C

Explanation

The correct answer is C, edit_tcp, which is necessary for configuring alerts based on TCP events. The other options, while relevant to different functionalities, do not provide the capability specifically for creating Log Event alert actions.